Friday, December 10, 2010

DDoS'ing into Oblivion

I don't know if you've noticed, but Distributed Denial of Service (DDoS) has taken the spotlight on center stage of this 3-ring circus we call the Internet.

If you don't know what a DDoS is, I suggest you go give Wikipedia a quick read, and maybe get WiFi in the cave.

What used to be a nuisance, and let's face it DDoS started out as a nuisance, has turned into an interesting and powerful weapon. Tools like LOIC, released by "Anonymous", and the OWASP tool that does essentially the same job against web servers using slow header payloads are brutal. These can cause serious outages and take down web servers, entire sites, or even web farms.

Let's talk impact

  • Full pipe - a DDoS can fill your network pipe with junk traffic and effectively cut you off from the rest of the Internet
  • Overloaded server - a DDoS can actually completely overwhelm a piece of hardware, and cause the machine to die
  • Overloaded server - a DDoS can also overwhelm poorly (actually even not-so-poorly) written software so that it completely stops responding and dies
  • Software zombie - an interesting condition recently uncovered where a server is still completely responsive to other requests, except that legitimate requests for the targeted sites return nothing at all
  • Huge bill - That's right, imagine paying for your Internet pipe by the megabyte... then you get a 100Mbit/sec flood for 12 straight hours ... you could go broke trying to pay that bill!
  • Bad PR - Imagine if you're launching a super-cool online game that some kid gets mad at and takes down your servers ...ouch!

Perfect example: Al-Akhbar's website has been decimated (and is still down) for a while now... interesting use of Internet bandwidth.

So DDoS is a very versatile tool - and with literally millions and millions of zombie machines out there - maybe even YOURS - the attacker agents are plentiful. I wonder what the horizon holds for DDoS attacks; it could be interesting.

1 comment:

Scott said...

Since DDoS has been around as long as bots have, I think the only thing newsworthy of it right now is that this time it's a voluntary, grass-roots DDoS as opposed to extortion or some other pseudo-criminal enterprise. The solutions are the same - leverage a large CDN, have your ISPs implement anti-DDoS capabilities, and low-TTL DNS with changing IP addresses until the attack wears off.